The Rise of Ransomware Attacks (S2:E57)
April 13, 2023
There is no end in sight to ransomware attacks. According to Cybersecurity Ventures, ransomware is predicted to cost $265 billion annually by 2031. To discuss the growth of these attacks, we are joined today by John Guerrero, CEO of Identify Systems, and Fred Hughes, CEO and owner of Phoenix Technology Solutions.
You're listening to Humans in Tech. Our podcast explores today's most transformative technology and the trends of tomorrow, bringing together the brightest minds in and outside of our industry. We unpack what's new in physical access, identity verification, cybersecurity, and IoT ecosystems. We reach beyond the physical world, discuss our digital transformation as a species, and dive into the emerging digital experience. Join us on our journey as we discover just how connected the future will be and how we will fit into that picture.
Leigh Dow (00:43):
Thanks for checking us out today. We're diving into the topic of ransomware attacks, and our guests are John Guerrero, CEO of Identify Systems and frequent podcast guest, and Fred Hughes, CEO and owner of Phoenix Technology Solutions based in Phoenix. Thank you both for joining us today.
John Guerrero (01:00):
Thanks for having me back.
Leigh Dow (01:01):
Yeah. So I'm going to kick this off with an icebreaker joke about our topic today that we stole with pride from one of the writers from Secure World News. Are you ready for it?
Fred Hughes (01:01):
Okay, let's hear it.
Leigh Dow (01:17):
Where did the cybersecurity team go for the last few days?
Fred Hughes (01:22):
Leigh Dow (01:22):
They ran somewhere. Dad jokes. Nothing but dad jokes. Tech dad, cybersecurity dad jokes right here. I'm here all day.
Fred Hughes (01:33):
There you go.
Leigh Dow (01:37):
So that was the intro to our topic today. There seems to be no end in sight to ransomware attacks and according to Cybersecurity Ventures, ransomware is predicted to cost a whopping 265 billion annually by 2031. The latest research shows that the first half of 2021 saw about 59 million in ransom payments with costs averaging about 4.62 million in 2021. And mega breaches costing as much as 100 times higher than that.
In the past few years, we've seen a rapid increase in the number of ransomware strains, and ransomware has entered the cloud environment as well. All you have to do is turn on the news and you hear about these kinds of attacks more frequently. So Fred, you own a technology solutions company based in Phoenix. Can you tell us a little bit about what you do?
Fred Hughes (02:27):
Sure. Well, I used to be in the computer business, but now things have changed so dramatically. So really it's now more about risk management with the way cyber crime has just grown so exponentially. We really focus on helping companies manage their risk by layering technology, security and monitoring, and really placing a strong emphasis on employee awareness training. Employees are really the weakest link. It only takes one person to fall for a phishing scam and it can take down the whole company.
Leigh Dow (03:00):
So just what is ransomware and how are your customers impacted by it?
Fred Hughes (03:06):
Well, ransomware is, it's a type of malware that encrypts the victim's files and it demands a ransom payment in exchange for the decryption key. So ransomware can be delivered through various methods like phishing emails, infected software downloads, or exploit kits. And really both companies and individuals can be impacted by ransomware. But the impact can be really, it's more severe for companies as they often have more sensitive and valuable data that's crucial for their daily operations and running their company.
Leigh Dow (03:40):
Fred Hughes (03:42):
Leigh Dow (03:42):
Are companies more at risk than individuals just because there's just a bigger get there?
Fred Hughes (03:48):
Yeah, that's the thing is that companies have more resources to pay a ransom if they're going to pay it. So yeah, they're a more attractive target for attackers.
Leigh Dow (03:57):
Got it. Well, what are some of the main types of ransomware? And maybe give an explanation of these.
Fred Hughes (04:03):
Well, again, there's several types of ransomware like crypto ransomware that encrypts all the files on a user system. So for example, say you log into your computer one day and then all of a sudden it seems really slow, it's really bogged down. All of a sudden you see the icons on your screen change and then you can't open any of them. And then you see this dreaded ransomware note demanding ransom in Bitcoin to get your files back. So hackers can gain access to your system and they can poke around in there for many months. Research shows that they may have gained access and been poking around in your system for maybe 90 to 100 days or more.
So even if you have backups, your backups might even contain the tools that the hacker used to get in there in the first place. And if you restore, those tools could still be there and then they'll attack when the time's right. So many people try not to pay the ransom and say, "Well, I'll just restore from backup," but the bad guys know this, and they may have already exfiltrated data from that system. Think about a dental office, doctor's office or hospital with thousands of patient records or a CPA with credit card numbers, bank account numbers, social security numbers, those types of things. The hacker threatens to release this information or sell it on the dark web and you'd be liable for all that.
Most companies, they still don't have proper cyber liability insurance in place, and even if they did, it might not even cover the attack. If they weren't adhering to the stipulations that are in that policy, their claim could possibly be rejected due to gross negligence.
Leigh Dow (05:40):
Well, and I would think that a lot of, some of the examples that you gave, these are people who, they are highly specialized in their field of expertise, but it certainly isn't this. So understanding risk mitigation is not their forte.
Fred Hughes (05:54):
Correct. Yep. Exactly. And many people think it's not going to happen to them.
Leigh Dow (05:59):
So John, as CEO of Identify Systems, can you tell us a little bit more about your job and your company?
John Guerrero (06:05):
Sure. Basically, at Identify Systems, we consult with organizations to assist them with addressing their network and cybersecurity concerns, as well as provide recommended solutions where applicable.
Leigh Dow (06:18):
So what experience do you have with ransomware?
John Guerrero (06:22):
Well, as someone who's been around the industry for, let's be kind and just say 20 plus years, my experience with ransomware began in, I'd say around 2012 with the emergence of digital currencies and Bitcoin, as Fred alluded to earlier. That was really a lighthouse moment for ransomware where criminals, cyber crooks, basically they can request payment via digital currency in Bitcoin, and it was completely untraceable. So that made their job that much more secure, we'll say, in avoiding capture, being caught, narrowed down to a culprit.
So once that really got going, it really was a shot in the arm for ransomware, unfortunately. And things increased over the next few years. And then we hit another huge influx of attacks with COVID being introduced and the workforce going remote, and the increasing availability and vulnerability of targets just grew exponentially.
So now, basically when we go out and we look at consulting with organizations and talking to new and existing clients, there's not a presentation that we give that doesn't include some type of address to ransomware and the concerns that it brings, and again, how to mitigate that risk.
Leigh Dow (07:49):
Well, we recorded a podcast earlier today with Secure World News and Drew Todd. It was about crypto crimes. Well, first of all, I asked him how does he do the research for his column without having the FBI come and show up at his door every day? But he was talking to us about ransomware and how you can go into some of these dark web spaces and just pay someone to go create havoc basically through ransomware, and that it's becoming more common. So what are some of the most popular choice of attack vectors for ransom cloud hack attackers, and how do they do that?
John Guerrero (08:34):
Good question. When it comes to ransom cloud attacks, malware and phishing emails are the common choices for cyber criminals. They target cloud-based mail servers like Office 365. A popular method for doing this is file sync piggybacking, and that's where they use a phishing attack to go after the victim's local computer with some malicious attachment or a link that's included in an email. The attachment is usually, it's usually a program that runs in the background, and this program then installs the malware. And after it gets in the system, the malware disguises itself as a request from a trusted application, like either an antivirus scan request or something of that nature, something that someone normally would trust. Once the user approves this, the malware is activated, and now it can spread itself across the network to any machine or server it might be connected to.
As it spreads, the cyber criminals are looking for a file sync service that's interacting with a cloud service. When it's been identified, the ransomware really just piggybacks on that file sync and allows the bad guys access to infect and encrypt data in the cloud. And hence, they have your data and next comes the ransom.
Leigh Dow (09:55):
My favorite phishing emails are the ones where they can't spell properly.
John Guerrero (10:01):
Exactly, exactly. You get a little hint of a foreign influence sometimes when you get some of these ransomware spams.
Leigh Dow (10:09):
So what are some of the... Oh, go ahead. I'm sorry.
Fred Hughes (10:11):
Well, I was going to say, they're getting better and better and-
Leigh Dow (10:13):
Oh, for sure.
Fred Hughes (10:14):
Many of you might have heard of chat GPT, the OpenAI. The ransomware guys, we might use it for fun stuff or cool stuff. They're using it to write more eloquent phishing schemes that do not sound different or bad language or bad grammar. They're basically perfect.
Leigh Dow (10:35):
And it's funny you bring them up-
John Guerrero (10:36):
They're accessing live data though. So they go out and incorporate that with live database of stolen passwords and say, "Your password that was compromised last week," and they list the password, "You need to go change it now," and then you go to their portal to change it. And they got you.
Leigh Dow (10:56):
It's funny you bring them up because just yesterday or day before yesterday, they put out a big news push, a big media push about how Ryan Reynolds used them to write his new Sprint, or not Sprint, what is his company?
Speaker 5 (10:56):
Leigh Dow (11:09):
Mint Mobile to go write the script for the commercial and the voice of Ryan Reynolds. And then after they did that, I went out to their website to check some stuff out and it was crashed. I don't know if it was so many users hit it because they were like, "Ryan Reynolds uses it, so I'm going to." It worked on me. So I don't know. So what are some of the most targeted industries for ransomware?
John Guerrero (11:36):
I like this question because I think it can be interpreted in a couple different ways. Banking, financial services, energy utilities, and medical clinicians and hospitals are all high value targets because of the personal data that they carry. Medical records, financial data, obviously, those are things that are really highly valued to them. So they go after them as well as many other targeted industries that have deep pockets.
But when you look at the small and medium businesses, you get a lot of activity in there simply because they may be smaller payouts, but they really draw so much less attention. So rather than going after a CNA for $40 million supposedly, which was the big talk a while back, they're going after hundreds and thousands of small businesses and capturing 5,000 to $50,000 because it's a smaller denomination, it attracts less attention. More companies and even insurance agencies that cover cyber insurance are willing to pay that amount to make it go away, rather than try to invest so much time to track this down. And you have to be get the FBI involved because it basically comes down to a resources versus dollars thing.
Leigh Dow (12:58):
So what, Fred, what was the most popular ransomware in 2022?
Fred Hughes (13:02):
Well, with 192 attacks in the third quarter alone, LockBit 3.0 ransomware was the most prominent variant of 2022, but it impacted 42 countries with the US as the top target. But the new and improved LockBit 3.0 had made significant improvements over 2.0, including features to thwart researchers. So it makes it difficult for them to try and work on it and figure out what it does or how it infects people. And it's ransomware as a service. It's like any software as a service that you can get on the internet. Like, Microsoft 365 is a software service that you get online. You could subscribe to this ransomware as a service and sign up and use it or become an affiliate and even get paid for helping it to infect victims' computers.
Leigh Dow (13:49):
That was my next question, does this all come from one place? Or is it like people go pick it up as code? How does it get to be so prolific?
Fred Hughes (13:58):
Well, there's so many out there now, and like I said, this one's ransomware as a service. Other ones, you can find scripts and those kinds of things on the dark web and use those various tools that are out there. The smarter ones obviously know how to hide behind layers and layers of protection so that people can't find out where they are. The people that get caught are the ones that aren't so smart, and they grab these scripts and they run them from their computer with their current IP address and the FBI comes knocking on their door.
Leigh Dow (14:30):
So how long do these attacks last and how do people prevent these types of attacks?
Fred Hughes (14:37):
Attacks can last days, weeks, or even months. Depending on the severity and maybe what regulations or compliance requirements are in place like HIPAA compliance for the medical industry, it can take longer because you have to bring in a forensic response team. And even if you have backups and you have the ability to restore, that could be considered tampering with evidence. You need to wait until the insurance companies, attorneys, forensic teams complete their investigations. So that means extended downtime for business. And what we've seen is many businesses, they don't even have a full incident response plan in place to be able to handle something like this. They don't have alternate operating procedures in this type of attack. So just think about you and how you would function in your role, at your job, without your email or your document storage or even your computer.
Leigh Dow (15:29):
Yeah. You just kind of grind to a halt, huh?
Fred Hughes (15:31):
Leigh Dow (15:32):
So what else do you think our audience needs to know about when it comes to ransomware attacks, mitigating them, planning for them?
John Guerrero (15:40):
There's a few things that you can do, but I think you really need to embrace the technology that's available now, utilize a lot of different aspects of things. I hesitate to say that there's any one organization or one solution out there that will do everything from an OEM perspective. I think you need a powerful antivirus, malware protection software. You need to take advantage of technology like multifactor authentication and encryption technologies wherever possible. And whether it's at an application or a solution centric level.
I'll repeat what Fred had mentioned earlier, and I think it goes that it can't be said enough that employee training is key. Granted, doesn't take a lot of technology to train employees on this, but it's one of the most important part of it because, again, as Fred had stated earlier, it only takes one mistake by one customer to open up, or one employee, excuse me, to open up one email that really can cause tremendous damage.
Leigh Dow (16:46):
Well, thank you both so much for joining us on this episode of Ransomware Attacks. Thank you for putting up with my dad joke and taking time out of your day to talk about this. It's a really important topic. I think one of the things that I took away from this is that it's not something that only big companies need to worry about.
John Guerrero (17:04):
Leigh Dow (17:06):
And for our audience, please like and subscribe if you enjoyed this podcast. We drop new episodes every week.
Speaker 1 (17:11):
Eliminate the risk of data breaches, phishing, password theft, and replay attacks with hardened multifactor authentication cybersecurity. Passwordless logins are simple and secure with uTrust FIDO2 NFC+ Security Keys. Insert the device, tap the button, and get secure access. It really is that easy. Learn more at identiv.com.
We design powerful NFC enabled identity solutions that seamlessly integrate into kiosks, terminals, vending machines, slot machines, betting machines, and more. Our new uTrust NFC Kiosk KIT features our contactless USB CCID uTrust 3523 F Reader Module, NFC antenna and highly customizable LED Array. The kit can easily support loyalty cards and digital wallets. If you're ready to add NFC to your slot machine or kiosk, speak to an expert today at identiv.com.
Physical security, identity verification, the IoT, the hyper connectivity of our lives will only grow more pervasive as technology becomes more automated and experiences more augmented. It's up to us to preserve our humanity and use new tools and trends for good. The only question is, are we up for the challenge?